api-documentation-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as 'find' and 'grep' to discover API information sources, route definitions, and existing documentation within a repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses and processes untrusted content from external repository files to generate documentation.
- Ingestion points: Repository files including OpenAPI specifications (.yaml, .json), code files (.py, .js, .java, .go, .rb), and existing documentation (.md).
- Boundary markers: Absent; the workflow does not provide instructions to the agent to ignore or isolate instructions that might be embedded within the files being scanned.
- Capability inventory: The skill utilizes shell command execution (find, grep), file reading, and implied file writing for documentation generation.
- Sanitization: Absent; no validation or filtering mechanisms are described for the content extracted from docstrings, comments, or external specs.
Audit Metadata